The California Office of the Attorney General disclosed a **data breach** involving **Discover Financial Services** on **May 25, 2012**. The incident centered on the **potential compromise of card account information**, prompting the company to issue **new cards to affected customers**. While the exact number of impacted individuals and the precise method of the breach (e.g., phishing, system intrusion, or third-party vulnerability) were **not publicly disclosed**, the exposure of payment card details posed a direct risk of **fraudulent transactions** and financial harm to customers.The breach underscored vulnerabilities in safeguarding **sensitive financial data**, though no evidence suggested broader systemic failures or large-scale identity theft beyond card-related fraud. The lack of transparency regarding the breach’s scope and origin further raised concerns about **reputational damage**, as customers and regulators questioned the company’s data protection measures. While no ransomware or large-scale data exfiltration (e.g., full customer profiles) was reported, the incident aligned with patterns of **financial cybercrime**, where attackers exploit weaknesses to access payment systems or transactional data.Discover’s response—proactively replacing compromised cards—mitigated immediate risks but highlighted the persistent threat of **cyber attacks targeting financial institutions**, where even limited exposures can erode trust and incur operational costs (e.g., card reissuance, fraud monitoring).
Source: https://oag.ca.gov/ecrime/databreach/reports/sb24-23276
TPRM report: https://www.rankiteo.com/company/discover-financial-services
"id": "dis546091725",
"linkid": "discover-financial-services",
"type": "Cyber Attack",
"date": "5/2012",
"severity": "60",
"impact": "2",
"explanation": "Attack limited on finance or reputation"{'affected_entities': [{'industry': 'Banking/Credit Cards',
'location': 'United States (California)',
'name': 'Discover Financial Services',
'type': 'Financial Services'}],
'customer_advisories': 'Customers issued new cards',
'data_breach': {'sensitivity_of_data': 'High (payment card data)',
'type_of_data_compromised': 'Card account information'},
'date_publicly_disclosed': '2012-05-25',
'description': 'The California Office of the Attorney General reported a data '
'breach notification from Discover Financial Services on May '
'25, 2012. The breach involved a potential compromise of card '
'account information, leading to customers being issued new '
'cards; specific numbers of affected individuals and the exact '
'method of breach were not provided.',
'impact': {'data_compromised': ['Card account information'],
'operational_impact': 'Customers issued new cards',
'payment_information_risk': 'Potential compromise of card account '
'information'},
'references': [{'date_accessed': '2012-05-25',
'source': 'California Office of the Attorney General'}],
'regulatory_compliance': {'regulatory_notifications': 'California Office of '
'the Attorney General'},
'response': {'law_enforcement_notified': 'California Office of the Attorney '
'General',
'remediation_measures': 'Customers issued new cards'},
'title': 'Discover Financial Services Data Breach (2012)',
'type': 'Data Breach'}